npm - vibehacker - Versions diffs - 4.1.0 → 4.2.1 - Mend

vibehacker 4.1.0 → 4.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (17) hide show

package/src/approve.js CHANGED Viewed

@@ -25,6 +25,7 @@ const NEEDS_APPROVAL = new Set([
 function describeToolCall(tc) {
   const { name, args } = tc;
   if (name === 'write_file')       return args.path || '(unknown path)';
+  if (name === 'edit_file')        return args.path || '(unknown path)';
   if (name === 'execute_command')  return args.command || '(unknown command)';
   if (name === 'delete_file')      return args.path || '(unknown path)';
   if (name === 'create_directory') return args.path || '(unknown path)';
@@ -77,40 +78,34 @@ function showApproval(screen, tc, context) {
     const W = Math.min(Math.max(40, screen.width - 6), 70);
-    // Fixed chrome: border(2) + blank(1) + header(1) + detail(1) + blank(1)
-    // + "Do you want to proceed?"(1) + blank(1) + buttons(items.length)
-    // + blank(1) + hint(1) = 10 + items.length
-    // Everything else (context line + preview) must fit in remaining space.
-    const maxH    = Math.max(10, screen.height - 4);
-    const fixedH  = 10 + items.length;
-    const budget  = Math.max(0, maxH - fixedH);
+    // Fixed chrome lines:
+    //   border-top(1) + blank(1) + header(1) + detail(1) + blank(1)
+    //   + "Do you want to proceed?"(1) + blank(1) + buttons(3)
+    //   + blank(1) + hint(1) + border-bottom(1) = 13
+    const CHROME = 13;
+    const maxH   = Math.max(CHROME, screen.height - 2);
     // Context eats 1 line if present
     const ctxLine = context ? `{#444444-fg}${esc(context)}{/#444444-fg}` : '';
     const ctxCost = ctxLine ? 1 : 0;
-    // Preview: clamp to remaining budget (separator + lines)
+    // Preview: hard-cap to 4 lines max — buttons MUST always be visible
     let preview = '';
     if (tc.name === 'write_file' && tc.args.content) {
       preview = tc.args.content;
     } else if (tc.name === 'execute_command') {
       preview = tc.args.command || '';
     }
-    const previewBudget = Math.max(0, budget - ctxCost - (preview ? 1 : 0)); // -1 for separator
     if (preview) {
       const allLines = preview.split('\n');
-      if (allLines.length > previewBudget) {
-        preview = allLines.slice(0, Math.max(1, previewBudget - 1)).join('\n') + '\n…';
-      }
-      // Also hard-cap to 6 lines regardless, to keep dialog compact
-      const cappedLines = preview.split('\n');
-      if (cappedLines.length > 6) {
-        preview = cappedLines.slice(0, 5).join('\n') + '\n…';
+      const maxPreviewLines = Math.min(4, Math.max(0, maxH - CHROME - ctxCost - 1));
+      if (allLines.length > maxPreviewLines) {
+        preview = allLines.slice(0, Math.max(1, maxPreviewLines - 1)).join('\n') + '\n…';
       }
     }
     const previewCost = preview ? preview.split('\n').length + 1 : 0; // +1 separator
-    const H = Math.min(maxH, fixedH + ctxCost + previewCost);
+    const H = Math.min(maxH, CHROME + ctxCost + previewCost);
     const box = blessed.box({
       parent:  screen,

package/src/providers.js CHANGED Viewed

@@ -10,7 +10,7 @@ const PROVIDERS = {
     name:      'Vibe Hacker',
     shortName: 'Vibe Hacker',
     baseURL:   VH_GATEWAY_URL,
-    freeNote:  '100 req/day free',
+    freeNote:  '50 req/day free',
     tier:      'free',
     detectKey: k => k.startsWith('vh_'),
     getKey:    () => 'Sign up at https://vibsecurity.com',
@@ -29,7 +29,7 @@ const PROVIDERS = {
     name:      'Vibe Hacker',
     shortName: 'Vibe Hacker',
     baseURL:   'https://openrouter.ai/api/v1',
-    freeNote:  '100 req/day free',
+    freeNote:  '50 req/day free',
     tier:      'free',
     detectKey: k => k.startsWith('sk-or-v1-'),
     getKey:    () => 'vibsecurity.com/login',

package/src/src/agent.js ADDED Viewed

@@ -0,0 +1,311 @@
+'use strict';
+const fs = require('fs');
+const path = require('path');
+const { streamChat } = require('./api');
+const { parseToolCalls, executeTool, TOOL_DOCS } = require('./tools');
+const config = require('./config');
+// ── Modes ────────────────────────────────────────────────────────────────────
+const MODES = [
+  { id: 'chat', name: 'Chat', description: 'Security Q&A and threat intel' },
+  { id: 'hunt', name: 'Hunt', description: 'Autonomous coding, security ops & tool use' },
+];
+// ── Project Memory ───────────────────────────────────────────────────────────
+// Cached — only reads filesystem once per cwd, refreshes when cwd changes.
+let _memCache = { cwd: null, content: null };
+function loadProjectMemory(cwd) {
+  if (_memCache.cwd === cwd) return _memCache.content;
+  const candidates = [
+    path.join(cwd, 'VIBEHACKER.md'),
+    path.join(cwd, '.vibehacker', 'context.md'),
+    path.join(cwd, '.vibehacker', 'instructions.md'),
+  ];
+  let result = null;
+  for (const f of candidates) {
+    try {
+      const c = fs.readFileSync(f, 'utf8');
+      if (c.trim()) { result = { file: path.relative(cwd, f), content: c.trim() }; break; }
+    } catch (_) {}
+  }
+  _memCache = { cwd, content: result };
+  return result;
+}
+// ── System Prompt — Cached, Only Rebuilt When cwd/mode Changes ───────────────
+let _promptCache = { mode: null, cwd: null, prompt: null };
+function buildSystemPrompt(mode, cwd) {
+  if (_promptCache.mode === mode && _promptCache.cwd === cwd && _promptCache.prompt) {
+    return _promptCache.prompt;
+  }
+  const os    = process.platform === 'win32' ? 'Windows' : process.platform === 'darwin' ? 'macOS' : 'Linux';
+  const shell = process.platform === 'win32' ? 'powershell' : 'bash';
+  const date  = new Date().toISOString().split('T')[0];
+  const projectMem = loadProjectMemory(cwd);
+  const projectSection = projectMem
+    ? `\n\n# Project Instructions (${projectMem.file})\n${projectMem.content}\n`
+    : '';
+  let prompt;
+  if (mode === 'hunt') {
+    prompt = `You are Vibe Hacker v${config.version} — an expert autonomous AI agent.
+# Environment
+- CWD: ${cwd}
+- OS: ${os} | Shell: ${shell} | Date: ${date}
+${projectSection}
+# HUNT MODE — Autonomous Agent with Tool Access
+You have filesystem + shell access via XML tool blocks. DO the work — don't describe it.
+${TOOL_DOCS}
+# Rules (MANDATORY)
+1. USE TOOLS. Don't explain what you'd do — DO IT with tool calls.
+   ✗ "You could run npm install" → ✓ <execute_command><command>npm install</command></execute_command>
+2. READ BEFORE EDIT. Always read_file before edit_file. The tool rejects edits on unread files.
+3. EDIT > WRITE. Modify existing files with edit_file (surgical replacement). Only write_file for NEW files.
+4. EXACT MATCHING. edit_file old_string must match the file exactly — whitespace, indentation, everything.
+   If it fails: read the file again, the content changed. Add more surrounding context if not unique.
+5. MULTIPLE TOOLS OK. Use several tools in one response when they're independent.
+6. GREP > MANUAL SEARCH. Use grep/glob to find code. Don't read every file looking for something.
+7. NON-INTERACTIVE COMMANDS ONLY. No vim, nano, interactive prompts. Use -y/--yes flags. 2 min timeout.
+8. COMPLETE CODE. Never write "// ...", "// TODO", "// rest of code". Write the full implementation.
+9. VERIFY. After changes: read back files, run tests, fix issues. Don't declare done without checking.
+# Error Recovery
+- edit_file "not found" → Read file again. Check whitespace. Content may have changed.
+- edit_file "multiple matches" → Add more surrounding lines to old_string.
+- Command failed → Read error. Check dependencies. Try different approach.
+- File not found → Use glob/list_files to find correct path.
+# Workflow: EXPLORE → PLAN (1-2 sentences) → EXECUTE → VERIFY
+# Style: Direct. No filler. Brief explanations between tools. Summary when done.`;
+  } else {
+    prompt = `You are Vibe Hacker v${config.version} — expert AI for cybersecurity and engineering.
+# Environment
+- OS: ${os} | Date: ${date}
+${projectSection}
+# CHAT MODE — Expert Answers
+Direct, accurate, actionable. No filler. Markdown with language-tagged code blocks.
+For security: include attack vectors + mitigations. For code: working examples, not pseudocode.`;
+  }
+  _promptCache = { mode, cwd, prompt };
+  return prompt;
+}
+// ── Thinking Extraction ──────────────────────────────────────────────────────
+function extractThinking(text) {
+  let visible = text;
+  let thinking = '';
+  // Remove <think>...</think> and <thinking>...</thinking> blocks
+  visible = visible.replace(/<think(?:ing)?>([\s\S]*?)<\/think(?:ing)?>/g, (_, t) => {
+    thinking += t.trim() + '\n';
+    return '';
+  });
+  return { visible: visible.replace(/\n{3,}/g, '\n\n').trim(), thinking: thinking.trim() };
+}
+// ── Token Estimation (fast, cached per string length) ────────────────────────
+function estimateTokens(text) {
+  if (!text) return 0;
+  // Empirical: ~3.5 chars per token for mixed code/text
+  return Math.ceil(text.length / 3.5);
+}
+// ── Context Trimming — Proactive, Prioritized ────────────────────────────────
+function trimHistory(messages, maxContextTokens) {
+  // Fast total estimate
+  let total = 0;
+  for (let i = 0; i < messages.length; i++) total += estimateTokens(messages[i].content);
+  const budget = Math.floor(maxContextTokens * 0.55); // 45% headroom for response + tool results
+  if (total <= budget) return messages;
+  // Phase 1: Strip thinking blocks from old assistant messages
+  let trimmed = messages.map((m, i) => {
+    if (i === 0 || i >= messages.length - 6) return m; // keep system + recent
+    if (m.role === 'assistant' && (m.content.includes('<think>') || m.content.includes('<thinking>'))) {
+      const { visible } = extractThinking(m.content);
+      return { ...m, content: visible };
+    }
+    return m;
+  });
+  total = 0;
+  for (const m of trimmed) total += estimateTokens(m.content);
+  if (total <= budget) return trimmed;
+  // Phase 2: Compress old tool results to headers only
+  trimmed = trimmed.map((m, i) => {
+    if (i === 0 || i >= trimmed.length - 6) return m;
+    if (m.role === 'user' && m.content.startsWith('[Tool Result:') && m.content.length > 800) {
+      return { ...m, content: m.content.split('\n')[0] + '\n[output trimmed]' };
+    }
+    if (m.role === 'assistant' && m.content.length > 1500 && i < trimmed.length - 8) {
+      return { ...m, content: m.content.substring(0, 400) + '\n[...]\n' + m.content.slice(-300) };
+    }
+    return m;
+  });
+  total = 0;
+  for (const m of trimmed) total += estimateTokens(m.content);
+  if (total <= budget) return trimmed;
+  // Phase 3: Drop middle messages
+  const keep = Math.min(8, trimmed.length - 2);
+  if (trimmed.length <= keep + 2) return trimmed;
+  const dropped = trimmed.length - keep - 1;
+  return [
+    trimmed[0],
+    { role: 'user', content: `[${dropped} earlier messages trimmed for context]` },
+    ...trimmed.slice(-keep),
+  ];
+}
+// ── Agent ────────────────────────────────────────────────────────────────────
+class Agent {
+  constructor() {
+    this.history = [];
+    this.mode    = 'chat';
+    this.cwd     = process.cwd();
+  }
+  setMode(mode) { this.mode = mode; this.history = []; _promptCache.mode = null; }
+  setCwd(dir)   { this.cwd = dir; _promptCache.cwd = null; _memCache.cwd = null; }
+  clearHistory(){ this.history = []; }
+  async run({ userMessage, model, signal, onToken, onDone, onError, onToolCall, onToolResult, beforeToolCall }) {
+    this.history.push({ role: 'user', content: userMessage });
+    const maxCtx  = (model && model.contextWindow) || 32768;
+    const maxIter = config.maxToolIterations || 25;
+    let iterations = 0;
+    // ── Iterative agent loop ──────────────────────────────────────────
+    while (true) {
+      if (signal && signal.aborted) {
+        onError(Object.assign(new Error('aborted'), { type: 'ABORTED' }));
+        return;
+      }
+      iterations++;
+      if (iterations > maxIter) {
+        onDone('[Tool iteration limit reached. Use /retry to continue.]');
+        return;
+      }
+      // Build messages with proactive trimming (BEFORE sending)
+      const sysPrompt = buildSystemPrompt(this.mode, this.cwd);
+      let messages = [{ role: 'system', content: sysPrompt }, ...this.history];
+      messages = trimHistory(messages, maxCtx);
+      // ── Stream response ─────────────────────────────────────────────
+      let fullResponse = '';
+      let streamError  = null;
+      await new Promise((resolve) => {
+        let resolved = false;
+        const done = () => { if (!resolved) { resolved = true; resolve(); } };
+        streamChat({
+          messages, model: model.id, signal,
+          maxTokens: model.maxTokens || config.maxTokens || 8192,
+          onToken: (token, full) => { fullResponse = full; if (onToken) onToken(token, full); },
+          onDone:  (content) => { fullResponse = content || fullResponse; done(); },
+          onError: (errObj) => { streamError = errObj; done(); },
+        });
+      });
+      // Rate limit backoff inside tool loop — rotate-first strategy
+      if (streamError && streamError.type === 'RATE_LIMIT' && iterations > 1) {
+        // Don't retry same model. Surface error to app.js for provider rotation.
+        onError(Object.assign(new Error(streamError.msg || 'Rate limited'), streamError));
+        return;
+      }
+      if (streamError) {
+        onError(Object.assign(new Error(streamError.msg || 'error'), streamError));
+        return;
+      }
+      if (signal && signal.aborted) return;
+      // Store full response in history (including thinking for continuity)
+      this.history.push({ role: 'assistant', content: fullResponse });
+      // Chat mode — done after single response
+      if (this.mode !== 'hunt') {
+        const { visible } = extractThinking(fullResponse);
+        onDone(visible || fullResponse);
+        return;
+      }
+      // Hunt mode — parse tool calls
+      const toolCalls = parseToolCalls(fullResponse);
+      if (toolCalls.length === 0) {
+        const { visible } = extractThinking(fullResponse);
+        onDone(visible || fullResponse);
+        return;
+      }
+      // Execute all tools
+      for (const tc of toolCalls) {
+        if (signal && signal.aborted) return;
+        if (onToolCall) onToolCall(tc);
+        if (beforeToolCall) {
+          const decision = await beforeToolCall(tc);
+          if (decision === 'no') {
+            this.history.push({ role: 'user', content: `[Tool Denied: ${tc.name}] User rejected. Try a different approach.` });
+            continue;
+          }
+        }
+        let result;
+        const toolStart = Date.now();
+        try {
+          result = await executeTool(tc, this.cwd);
+        } catch (err) {
+          result = `[Error: ${tc.name}] ${err.message}`;
+        }
+        if (onToolResult) onToolResult(tc, result);
+        this.history.push({ role: 'user', content: `[Tool Result: ${tc.name}]\n${result}` });
+      }
+      // Adaptive throttle based on tool types — minimal delay
+      const hasWrite = toolCalls.some(tc => ['write_file', 'edit_file', 'execute_command', 'delete_file'].includes(tc.name));
+      await new Promise(r => setTimeout(r, hasWrite ? 300 : 100));
+    }
+  }
+}
+module.exports = { Agent, MODES };